CVE-2024-31246

2024-06-0909:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2024-31246

missing authorization

post grid team

wpxpo postx

gutenberg blocks

vulnerability

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3.

Affected configurations

Vulners

Node

post_grid_team_by_wpxpopostx_–_gutenberg_blocks_for_post_gridRange≤3.2.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ultimate-post",
    "product": "PostX – Gutenberg Blocks for Post Grid",
    "vendor": "Post Grid Team by WPXPO",
    "versions": [
      {
        "changes": [
          {
            "at": "3.2.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.2.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/ultimate-post/wordpress-post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-plugin-3-2-3-author-post-page-duplication-vulnerability?_s_id=cve